← back
CVE-2026-34908

CVE-2026-34908

CVSS 10 CRITICALEPSS 2.5%● KEVCWE-284
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Ubiquiti Inc · EFGUbiquiti Inc · ENVRUbiquiti Inc · ENVR-CoreUbiquiti Inc · Express 7Ubiquiti Inc · UCG-FiberUbiquiti Inc · UCG-IndustrialUbiquiti Inc · UCG-MaxUbiquiti Inc · UCG-UltraUbiquiti Inc · UCKUbiquiti Inc · UCK-EnterpriseUbiquiti Inc · UCKPUbiquiti Inc · UDMUbiquiti Inc · UDM-BeastUbiquiti Inc · UDM-ProUbiquiti Inc · UDM-Pro-MaxUbiquiti Inc · UDM-SEUbiquiti Inc · UDRUbiquiti Inc · UDR-5GUbiquiti Inc · UDR7Ubiquiti Inc · UDWUbiquiti Inc · UNAS-2Ubiquiti Inc · UNAS-4Ubiquiti Inc · UNAS-ProUbiquiti Inc · UNAS-Pro-4Ubiquiti Inc · UNAS-Pro-8Ubiquiti Inc · UniFi OS ServerUbiquiti Inc · UNVRUbiquiti Inc · UNVR-G2Ubiquiti Inc · UNVR-G2-ProUbiquiti Inc · UNVR-InstantUbiquiti Inc · UNVR-Pro
public PoCs found1
githubgithub.com/BishopFox/CVE-2026-34908-check58
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963bhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/